SSNs and other personal
information were inadvertently posted on a publicly accessible
MSU Web site. The breach was discovered last week and
the information has since been removed.

Information Source:
Dataloss DB

records from this breach used in our total:
2,400

December 19, 2006

Velocita Wireless, Sprint NextelWoodbridge, New Jersey

BSR

PORT

255

A laptop from the human resources department was stolen during an office burglary on or around October 24. It contained current and former employee names, dates of birth, Social Security numbers and salary information. Affected individuals were contacted between December 13 and 15.

Information Source:
Dataloss DB

records from this breach used in our total:
255

December 20, 2006

Lakeland Library CooperativeGrand Rapids, Michigan

GOV

DISC

15,000 (No SSNs or financial information reported)

Lakeland Library Cooperative serves 80 libraries in eight counties.

Personal information of
15,000 library users in West Michigan was displayed on the Cooperative's
Web site due to a technical problem. Information exposed included
names, phone numbers, e-mail addresses, street addresses, and library
card numbers. Children's names were also listed along with their parents'
names on a spreadsheet document. The information has since been removed.

Information Source:
Dataloss DB

records from this breach used in our total:
0

December 20, 2006

Big Foot High SchoolWalworth, Wisconsin

EDU

DISC

87

Personal information was
accidentally exposed on the High School's Web site for a short time,
perhaps for about 36 minutes, according to a report. Information included
last names, SSNs, and birthdates. Current and former employees were affected.

Information Source:
Dataloss DB

records from this breach used in our total:
87

December 20, 2006

Lake County residents and Major League Baseball playersNorthbrook, Illinois

BSO

PHYS

27 residents of Lake County, 90 Major League Baseball players

A Chicago man apparently
removed documents from a trash bin outside SFX Baseball Inc., a sports
agency that deals with Major League Baseball. Some current and former MLB players and county residents were affected.He used information
from the documents to commit identity theft. Information found during a search of the thief's
home included SSNs, dates of birth, canceled paychecks, obituaries, and
infant death records.

Information Source:
Dataloss DB

records from this breach used in our total:
117

December 20, 2006

Deb Shops, Inc.Philadelphia, Pennsylvania

BSR

HACK

Unknown

(800) 460-9704

A hacker illegally accessed
company Web pages and a related data base used for Internet-based
purchases. The intruder may have accessed customers' credit card information
including names on cards and credit card numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
0

December 21, 2006

Santa Clara County employment agencySanta Clara County, California

GOV

STAT

2,500

A computer stolen from
the agency holds the SSNs of approximately 2,500 individuals.

Information Source:
Dataloss DB

records from this breach used in our total:
2,500

December 21, 2006

Goal Financial, LLCSan Diego, California

BSF

STAT

34,000

The location listed is the headquarters. It is not clear where the incident took place.

A portion of borrowers' names and Social Security numbers were on four hard drives that were accidentally sold before being wiped clean. Employees transferred more than 7,000 files with consumer information to third parties without authorization, and one employee sold the hard drives to the public surplus. The hard drives were retrieved after the mistake was realized on June 13. Affected individuals were notified in June. The student loan company agreed to settle FTC charges in December. The company violated the FTC's Privacy Rule by failing to take reasonable and appropriate measures to protect personal information.

Information Source:
Dataloss DB

records from this breach used in our total:
34,000

December 21, 2006

Hunter College of the City University of New YorkNew York, New York

EDU

DISC

140

The full names and Social Security numbers of certain individuals were on a spreadsheet that an employee emailed to a group of students on November 8. Students were instructed to delete the file after the discovery. At least 140 New York residents were affected, but the total number of people affected nationwide was not revealed.

Information Source:
Dataloss DB

records from this breach used in our total:
140

December 21, 2006

Wake County Public School SystemRaleigh, North Carolina

EDU

PORT

3,396

A flash drive that contained employee names and Social Security numbers was misplaced. The flash drive was found two days later.

Information Source:
Dataloss DB

records from this breach used in our total:
3,396

December 21, 2006

City University of New YorkNew York, New York

EDU

DISC

96

Confidential data from the University server was accidentally made available through a Google search. The error was discovered on October 17 and faculty, students and staff were affected. The information included full names, Social Security numbers, dates of birth, addresses, email addresses and University library identification card numbers. The copy of the file was removed from Google on October 20.

Information Source:
Dataloss DB

records from this breach used in our total:
96

December 21, 2006

New York City Human Resources AdministrationBrooklyn, New York

GOV

PORT

7,800

Information from the Office of Temporary and Disability Assistance and the New York State Department of Health was exposed.

A hard drive with human resources information was discovered to be missing. The hard drive may have had temporary and disability assistance applicant reports with names, Social Security numbers and dates of birth.

Information Source:
Dataloss DB

records from this breach used in our total:
7,800

December 22, 2006

Texas Woman's UniversityDallas, Texas

EDU

DISC

15,000 students

Additional locations: Denton and Houston, TX

A document containing names,
addresses and SSNs of 15,000 TWU students was transmitted over a non-secure
connection.

Information Source:
Media

records from this breach used in our total:
15,000

December 22, 2006

Utah Valley State CollegeOrem, Utah

EDU

DISC

15,000

Social Security numbers and other personal information of students and faculty were accessible via Yahoo's search engine. The information was removed from UVSC's servers. Some Distance Education instructors and some students enrolled in UVSC courses between January 2002 and January 2005 were affected.

Information Source:
Dataloss DB

records from this breach used in our total:
15,000

December 27, 2006

Montana State UniversityBozeman, Montana

EDU

DISC

259

A student working in the
loan office mistakenly sent packets containing lists of student names,
Social Security numbers, and loan information to other students.

Information Source:
Dataloss DB

records from this breach used in our total:
259

December 27, 2006

Deaconess HospitalEvansville, Indiana

MED

PHYS

128 patients

A computer missing from
the hospital holds personal information, including SSNs, of 128 respiratory
therapy patients.

Information Source:
Dataloss DB

records from this breach used in our total:
128

December 28, 2006

U.S. State Department Washington, District Of Columbia

GOV

PHYS

700

A bag containing approximately
700 completed passport applications, which included Social Security numbers, was reported missing on December
1. The bag, which was supposed to be shipped to Charlotte, NC, was
found later in the month at Los Angeles International Airport.

Information Source:
Dataloss DB

records from this breach used in our total:
700

December 30, 2006

KeyCorp Cleveland, Ohio

BSF

PORT

9,300

A laptop computer stolen
from a KeyCorp vendor contains personally identifiable information,
including SSNs, of 9,300 customers in six states.

Tax forms were mailed to
taxpayers in which SSNs were inadvertently printed on the front of
some Form 1 booklets. Some were retrieved before they were mailed.

Information Source:
Dataloss DB

records from this breach used in our total:
171,000

January 2, 2007

Notre Dame UniversityNotre Dame, Indiana

EDU

PORT

Unknown

Additional location: South Bend, IN

A University Director's
laptop was stolen before Christmas. It contained personal information
of employees, including names, SSNs, and salary information.

Information Source:
Dataloss DB

records from this breach used in our total:
0

January 2, 2007

News accounts are not clear as to source, but thought to be a realty officeLas Vegas, Nevada

BSO

PHYS

Unknown

About 40 boxes of financial
paperwork, thought to be from loan applications, was found in a dumpster.
One of the boxes visible to news reporters was said to contain paperwork
with bank account details, photocopies of driver's licenses, SSNs
and other private information.

Information Source:
Media

records from this breach used in our total:
0

January 2, 2007

BayRock MortgageAlpharetta, Georgia

BSF

PORT

197

The location listed is the BayRock office and may not be where the theft occurred.

A laptop with investor information was lost when an employee's rental car that it was in was stolen.

Information Source:
Dataloss DB

records from this breach used in our total:
197

January 3, 2007

Academic Magnet High SchoolNorth Charleston, South Carolina

EDU

PORT

500 (No SSNs or financial information reported)

A recent burglary makes it the third time that computers were stolen during campus burglaries. Two other incidents occurred in November. Student information was on the laptop stolen in the recent burglary. School officials felt that risk of identity theft was extremely low because the information was password protected and encrypted.

Information Source:
Dataloss DB

records from this breach used in our total:
0

January 4, 2007

Selma, North Carolina, Water Treatment PlantJohnston County, North Carolina

GOV

PORT

300

A laptop stolen from the
water treatment facility holds the names and SSNs of Selma volunteer
firefighters.

Information Source:
Dataloss DB

records from this breach used in our total:
300

January 5, 2007

Dr. Baceski's office, internal medicineSomerset, Pennsylvania

MED

PORT

hundreds of patients

A hard drive was stolen
containing personal information on hundreds of patients.

Information Source:
Media

records from this breach used in our total:
0

January 9, 2007

Towers PerrinNew York, New York

BSF

INSD

300,000

Around 18,000 past and present employees, presumably of Altria, and 6,300 employees of Philip Morris were affected.

Five laptops were stolen from
Towers Perrin, allegedly by a former employee. The theft occurred
Nov. 27, 2006. The computers contain names, SSNs, and other pension-related
information, presumably of several companies, although news reports
are not clear. Companies named include Altria (unknown number, possibly 18,000 employees) and Philip Morris (6,300 employees).

UPDATE
(1/11/07): NY police arrested a junior-level administrative
employee of the company in the theft of the laptops.

Breaches occurred in November
and December 2006 that affected services with UA Student Unions, University
Library, and UA Procurement and Contracting Services. Some services
were shut down for several days.

Information Source:
Dataloss DB

records from this breach used in our total:
0

January 10, 2007

Advent Software Inc.San Francisco, California

BSR

PORT

Unknown

A laptop was stolen from the office on or around November 20. It contained employee Social Security numbers and addresses. Employees were notified in December. At least 21 New Hampshire residents were affected, but the total number of affected individuals nationwide was not revealed.

Information Source:
Dataloss DB

records from this breach used in our total:
0

January 10, 2007

New Hope ChurchDurham, North Carolina

NGO

PORT

45

Current and former employee information was on a stolen laptop. The laptop was taken from the church offices during a December 31 burglary. Names, Social Security numbers, addresses and payroll information was on the stolen laptop.

Information Source:
Dataloss DB

records from this breach used in our total:
45

January 11, 2007

University of IdahoMoscow, Idaho

EDU

STAT

70,000

(866) 351-1860

Over Thanksgiving weekend,
3 desktop computers were stolen from the Advancement Services office
containing personal information of alumni, donors, employees, and
students. 331,000 individuals may have been exposed, with as many
as 70,000 records containing SSNs, names and addresses.

A former employee of an affiliated company accessed customer records and was eventually discovered to be part of a credit card fraud investigation. The records found included names, addresses, Social Security numbers and dates of birth.

Information Source:
Dataloss DB

records from this breach used in our total:
67

January 12, 2007

MoneyGram InternationalMinneapolis, Minnesota

BSF

HACK

79,000

MoneyGram, a payment service
provider, reported that a company server was unlawfully accessed over
the Internet last month. It contained information on about 79,000
bill payment customers, including names, addresses, phone numbers,
and in some cases, bank account numbers.

Information Source:
Media

records from this breach used in our total:
79,000

January 13, 2007

North Carolina Department of RevenueRaleigh, North Carolina

GOV

PORT

30,000 taxpayers

A laptop computer containing
taxpayer data was stolen from the car of a NC Dept. of Revenue employee
in mid-December. The files included names, SSNs or federal employer
ID numbers , and tax debt owed to the state.

Information Source:
Dataloss DB

records from this breach used in our total:
30,000

January 16, 2007

University of New MexicoAlbuquerque, New Mexico

EDU

STAT

Unknown

At least 3 computers and
4 monitors were stolen from the associate provost's office overnight
between Jan. 2 and 3. They may have included faculty members' names
and SSNs.

The TJX Companies Inc. experienced an unauthorized intrusion into its computer systems that process and store customer transactions including credit card, debit card, check, and merchandise return transactions. It discovered the intrusion mid-December 2006. Transaction data from 2003 as well as mid-May through December 2006 may have been accessed. According to its Web site, TJX is the leading off-price retailer of apparel and home fashions in the U.S. and worldwide.

Note on our total: included in this breach are 45,700,000 credit and debit card account numbers; 455,000 merchandise return records containing customer names and driver's license numbers; recovery of about 200,000 stolen credit card account numbers; records then 1indicated an additional 48 million people have been affected. Totals were estimated at 94 million but now seem to have affected over 100 million accounts.

UPDATE (2/22/2007):TJX said that while it first thought the intrusion took place from May 2006 to January 2007, it now thinks its computer system was also hacked in July 2005 and on various subsequent dates that year.

UPDATE (3/21/2007): Information stolen from TJX's systems was being used fraudulently in November 2006 in an $8 million gift card scheme, one month before TJX officials said they learned of the breach, according to Florida law enforcement officials.

UPDATE (3/29/2007): The company reported in its SEC filing that 45.7 million credit and debit card numbers were hacked, along with 455,000 merchandise return records containing customers' driver's license numbers, Military ID numbers or Social Security numbers.

UPDATE (4/22/2007): Initially, TJX said the break-in started seven months before it was discovered. Then, on Feb. 18, the company noted the perpetrators had access to data for 17 months, and apparently began in July 2005.

UPDATE (05/04/2007): An article in the WSJ notes that because TJX had an outdated wireless security encryption system, had failed to install firewalls and data encryption on computers using the wireless network, and had not properly install another layer of security software it had bought, thieves were able to access data streaming between hand-held price-checking devices, cash registers and the store's computers. 21 U.S. and Canadian lawsuits seek damages from the retailer for reissuing compromised cards.

UPDATE (07/10/2007): U.S. Secret Service agents found TJX customers' credit card numbers in the hands of Eastern European cyber thieves who created high-quality counterfeit credit cards. Victims are from the U.S., Europe, Asia and Canada, among other places, Several Cuban nationals in Florida were arrested with more than 200,000 credit card account numbers.

UPDATE(08/31/2007): The U.S. Secret Service Agency earlier this week said it has arrested and indicted four members of an organized fraud ring in South Florida, charging each of them with aggravated identity theft, counterfeit credit-card trafficking, and conspiracy.

UPDATE (09/21/2007): A ring leader in the TJX Cos.-linked credit card fraud, was sentenced to five years in prison and has been ordered to pay nearly $600,000 in restitution for damages resulting from stolen financial information.

UPDATE (09/25/2007): TJX announced the terms of a settlement for customers affected by the data breach -- with strings attached. Credit monitoring will be offered to about 455,000 of the 46 million affected. TJX will reimburse customers who had to replace driver's licenses as a result of the breach if they submit documentation for the time and money spent on replacing licenses. The company will give a $30 store voucher to those customers who submit documentation about their lost time and money. And TJX will hold a special 3-day sale with a 15% discount sometime in 2008. The settlement still needs to be approved by the court.

UPDATE (10/23/2007): Court filings in a case brought by banks against TJX say the number of accounts affected by the thefts topped 94 million.

UPDATE (10/23/2007):The total number of records increased from 167 million to 215 million. Recent court filings in a case brought by banks against TJX say the number of accounts affected by the thefts topped 94 million, up considerably from 45,7 million credit and debit card account numbers initially thought to be compromised. Breach costs have been estimated at $216 million.

UPDATE(11/30/2007): Fifth Third Bancorp, the Ohio bank that was fined $880,000 by Visa for its role in the customer data security breach at TJX Cos., the largest ever, also paid fines and compensation totaling $1.4 million following the loss of data from BJ's Wholesale Club Inc.

UPDATE (12/05/2007): An InternetNews.com article estimates TJX expenses at $500 million to $1 billion. In a settlement with VISA USA, TJX will pay a maximum of $40.9 million to fund an alternative recovery payments program for customers affected by the breach. At least 19 lawsuits have been filed, and there are investigations underway by the Federal Trade Commission and 37 state Attorneys General.

UPDATE (12/18/2007): TJX has settled the lawsuit for an undisclosed amount.Although both sides said the settlement total would remain confidential, TJX said the costs were covered by a $107 million reserve that it set aside against its second-quarter earnings.TJX also has said that $107 million would cover the costs of another breach agreement: a Nov. 30 deal with Visa Inc. to help pay a maximum $40.9 million to help the network's card-issuing banks recover expenses to replace customers' Visa cards.

UPDATE (2/10/2008): Notices are going out to millions of customers who may have had credit card information compromised in a data breach. The notices contain information about eligibility for compensation such as vouchers and credit monitoring to be provided under a proposed settlement.

UPDATE (4/2/2008): TJX Cos. reached a settlement with MasterCard Inc. in which it will pay up to $24 million to banks and other institutions to cover fraud losses stemming from a massive data breach disclosed last year. They also struck a similar deal with rival card network Visa in which it agreed to pay up to $40.9 million. As in that deal, TJX said the costs of its MasterCard settlement are included in the $256 million the company has set aside to pay for computer work and other costs associated with the breach.

UPDATE (5/14/2008):The TJX Companies, Inc. today announced that it completed its previously announced settlement with MasterCard International Incorporated and its issuers. Financial institutions representing 99.5% of eligible MasterCard accounts worldwide claimed to have been affected by the unauthorized computer intrusion(s) at TJX accepted the alternative recovery offer under TJX's previously announced Settlement Agreement with MasterCard.

UPDATE (8/5/2008): Eleven perpetrators allegedly involved in the hacking of nine major U.S. retailers have been charged with numerous crimes, including conspiracy, computer intrusion, fraud and identity theft. This is the largest hacking and identity theft case ever prosecuted by the U.S. Department of Justice. An indictment was returned on Aug. 5, 2008. Conspirators obtained the credit and debit card numbers by wardriving and hacking into the wireless computer networks of major retailers -- including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. The indictments are the result of a three-year undercover investigation conducted out of the San Diego Field Office of the U.S. Secret Service.

UPDATE (8/30/2008): TrustCo BankCorp NY sued TJX in August 2008 to recoup costs it incurred from reissuing an estimated 4,000 customer MasterCard debit cards after hackers accessed the TJX computer network. The bank stated its cost for the breach was up to $20 per affected account, explaining that it suffered losses from administrative expenses and lost interest and transaction fees. Later in the month, TJX in turn claimed that Trustco failed to implement policies or procedures that would have enabled the bank to avoid canceling and replacing customer debit cards.

UPDATE (9/22/2008):One of the 11 people arrested last month in connection with the massive data theft at T JX Companies Inc., BJ Wholesale Clubs Inc. and several other retailers pleaded guilty yesterday to four felony counts, including wire and credit card fraud and aggravated identity theft. Many of the Internet attacks that he facilitated were SQL injection attacks, according to court documents. The stolen data was sold to cyber criminals in Eastern Europe and the U.S. or used to make fraudulent credit and debit cards.

UPDATE (6/26/2009): TJX has agreed to pay $9.75 million to 41 states and to implement and maintain a comprehensive information security program, designed to safeguard consumer data and address any weaknesses in TJX's systems in place at the time of the breach. Of the $9.75 million monetary payment under the settlement, $5.5 million is to be dedicated to data protection and consumer protection efforts by the states, and $1.75 million is to reimburse the costs and fees of the investigation. Further, $2.5 million of the settlement will fund a Data Security Trust Fund to be used by the state Attorneys General to advance enforcement efforts and policy development in the field of data security and protecting consumers’ personal information.

UPDATE (7/28/2009): Pennsylvania and 40 other states reached a $9.75 million settlement.

UPDATE (9/4/2009): TJX settles for $525K with four banks. As part of the settlement with AmeriFirst Bank, Trustco Bank, HarborOne Credit Union and SELCO Community Credit Union, the Framingham, Mass.-based retailer paid $525,000. The money primarily will be used to cover the banks' expenses in pursuing the legal action.

UPDATE (12/15/2009):A Miami hacker who had already pleaded guilty to computer fraud and identity theft for breaches at retailers T.J. Maxx, OfficeMax, and many other merchants, pleaded guilty on Tuesday to similar charges related to breaches at Heartland Payment Systems, 7-11, Hannaford Brothers supermarkets, and two other companies. Albert Gonzalez, 28, reiterated terms of a plea agreement in U.S. District Court in Boston. A week earlier, co-conspirator Stephen Watt of New York, appeared in that same court and was ordered to serve two years in prison and pay $171.5 million in restitution for developing a sniffing program used to grab payment card data in the breach at the TJX companies between 2003 and 2008.

UPDATE(3/17/2010): Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking. Zaman was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts. Zaman pleaded guilty in April to one count of conspiracy. His sentence includes three years of supervised release with the condition that Zaman must disclose his conviction to any future employer. Upon release, Zaman will not be barred from using computers. Zaman is the second conspirator in the TJX case to be charged. Former Morgan Stanley coder, Stephen Watt, was sentenced in December to two years in prison for his role in the TJX case, which involved supplying Gonzalez with a sniffer program used to siphon card data from the TJX network.

UPDATE(3/29/2010): A 28-year-old college dropout who became the world’s biggest credit card hacker on Thursday was sentenced to 20 years in prison for stealing millions of credit union and bank account records from TJX Cos., BJ’s Wholesale Club, Office Max, Dave & Busters, Barnes & Noble and a string of other companies – even as he was working as a $75,000-a-year undercover informant for the U.S. government in identity theft cases. But that’s not the end of it, as Albert Gonzalez is scheduled to be sentenced again to additional years behind bars for additional data thefts at Heartland Payment Systems, Hannaford Bros. supermarkets and 7-Eleven convenience stores. The theft of credit card data cost financial institutions, insurers and cardholders an estimated $200 million, according to law enforcement. JC Penney and Wet Seal were both officially added to the list of retail victims of Albert Gonzalez on Friday (March 26) when U.S. District Court Judge Douglas P. Woodlock refused to continue their cloak of secrecy and removed the seal from their names. StorefrontBacktalk had reported last August that $17 billion JC Penney chain was one of Gonzalez.s victims, even though JC Penney's media representatives were denying it. But the $561 million chain Wet Seal, which has 504 stores in 47 states, Washington, D.C. and Puerto Rico, had kept their identity secret. No more and that.s the way Woodlock wanted it.

UPDATE(4/16/2010): Damon Patrick Toey, the 'trusted subordinate' of TJX hacker Albert Gonzalez, was sentenced in Boston to 5 more years in prison. He also received a $100,000 fine and three years. supervised release, according to the Justice Department.

UPDATE (7/8/2010): TJX has settled another lawsuit. The Louisiana Municipal Police Employees' Retirement System, a shareholder of TJX stock, settled with TJX for $595,000 in legal fees and enhanced oversight of customer files.

UPDATE (4/8/2011): Albert Gonzalez is appealing his conviction for his role in a
large data breach by claiming that his actions were authorized by the Secret
Service. The government acknowledged that Gonzalez was a key undercover Secret Service informant at the time of the breaches. In a 25-page petition, Gonzalez faulted one of his attorney's for failing to prepare a "Public Authority" defense, which would have argued that he committed crimes with the approval of government authorities.

Information Source:
Dataloss DB

records from this breach used in our total:
100,000,000

January 17, 2007

Rincon del Diablo Municipal Water DistrictEscondido, California

GOV

STAT

500

Additional locations:unincorporated neighborhoods outside the city, and parts of San Marcos and San Diego, CA. (760) 745-5522

Two computers were stolen
from the district office. One included names and credit card numbers
of customers.

Information Source:
Dataloss DB

records from this breach used in our total:
500

January 18, 2007

KB HomeCharleston, South Carolina

BSO

STAT

2,700

A computer was stolen from
one of the home builder's offices. It likely contained names, addresses,
and SSNs of people who had visited the sales office for Foxbank Plantation
in Berkeley County near Charleston.

Information Source:
Dataloss DB

records from this breach used in our total:
2,700

January 18, 2007

Private Medical PracticeCheektowaga, New York

MED

STAT

10,600

The December 15 office burglary of three computers may have exposed patient information. Names, Social Security numbers, addresses, dates of birth, phone numbers, insurance companies and insurance ID numbers were on the computers.

Information Source:
Dataloss DB

records from this breach used in our total:
10,600

January 19, 2007

U.S. Internal Revenue Service via City of Kansas CityKansas City, Missouri

GOV

PORT

Unknown

26 IRS computer tapes containing
taxpayer information were reported missing after they were delivered
to City Hall. They potentially contain taxpayers' names, SSNs, bank
account numbers, or employer information. The 26 tapes were the entire
shipment received by the City last August. The disappearance was noticed
late December 2006.

A company named Z II Investment Group, LLC had a number of unauthorized credit reports performed. The unauthorized reports contained name, address, Social Security number, date of birth, and partial credit card number.

Information Source:
Dataloss DB

records from this breach used in our total:
18

January 20, 2007

Greenville South Carolina County School DistrictGreenville, South Carolina

EDU

PHYS

Unknown

Boxes of personnel records were inadvertently left unsecured during renovations. Ten boxes held the names and Social Security numbers of teachers employed by the district between 1972 and 1990. Other boxes contained personnel records through 1998. District officials secured the boxes after receiving an anonymous call about the mistake.

Information Source:
Dataloss DB

records from this breach used in our total:
0

January 22, 2007

U.S. Department of Veterans AffairsSeattle, Washington

GOV

PHYS

Unknown

Folders of veterans' personal
information were stolen from a locked car in Bremerton, WA. News stories
are not clear on the type of information contained in the folders.

Information Source:
Media

records from this breach used in our total:
0

January 22, 2007

Chicago Board of ElectionChicago, Illinois

GOV

PORT

1.3 million

About 100 computer discs (CDs) with 1.3 million Chicago voters' SSNs were mistakenly distributed to aldermen and ward committeemen. The CDs also contain birth dates and addresses.

Information Source:
Dataloss DB

records from this breach used in our total:
1,300,000

January 22, 2007

Sprint NextelCharlotte, North Carolina

BSR

PORT

1,608

A laptop computer was stolen from an employee's home during a late November burglary. Information from customers nationwide was stored on the hard drive. Customers' names, addresses, Sprint Nextel account numbers and access codes, credit card numbers and phone numbers may have been exposed.

An associate professor's
laptop was stolen, containing names and SSNs of 200 students. Rutgers
no longer uses SSNs as student IDs, but student IDs from past years
are still SSNs.

Information Source:
Dataloss DB

records from this breach used in our total:
200

January 23, 2007

XeroxWilsonville, Oregon

BSR

PORT

297

A laptop was stolen from a human resources manager's car. Some of the employees affected by the incident experienced credit problems before being informed that the theft had put them at risk. One employee had multiple cell phone accounts taken out in his name a month and a half after the theft.

Information Source:
Dataloss DB

records from this breach used in our total:
297

January 24, 2007

Cornell UniversityDetroit, Michigan

EDU

PORT

122

An employee laptop was lost after being checked as baggage at Detroit Metropolitan International Airport. It contained names, Social Security numbers and credit card numbers of some people.

Information Source:
Dataloss DB

records from this breach used in our total:
122

January 25, 2007

Clay High SchoolOregon, Ohio

EDU

HACK

Unknown

A former high school student
obtained sensitive staff and student information through an apparent
security breach. The data was copied onto an iPod and included names,
birth dates, SSNs, addresses, and phone numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
0

January 25, 2007

Ohio Board of NursingColumbus, Ohio

GOV

DISC

3,031

The agency's Website posted
names and SSNs of newly licensed nurses twice in the past two months. The Social Security numbers were supposed to have been removed before posting.

Information Source:
Dataloss DB

records from this breach used in our total:
3,031

Breach Total

816,044,756 RECORDS BREACHED(Please see explanation about this total.)from 4,506 DATA BREACHES made public since 2005